Flatpak is a Linux application sandboxing and distribution framework.
A vulnerability has been discovered in Flatpak. Please review the CVE identifier referenced below for details.
A malicious or compromised Flatpak app using persistent directories could read and write files in locations it would not normally have access to.
There is no known workaround at this time.
All Flatpak users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/flatpak-1.4.10"